CN116614466A - Phishing mail detection and protection method and system - Google Patents
- Publication number
- CN116614466A
- Authority
- CN
- China
- Prior art keywords
- phishing
- mails
- sandbox
- analysis
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/21—Monitoring or handling of messages
- H04L51/212—Monitoring or handling of messages using filtering or selective blocking
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L51/00—User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
- H04L51/42—Mailbox-related aspects, e.g. synchronisation of mailboxes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
Landscapes
- Engineering & Computer Science (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Computer Security & Cryptography (AREA)
- Computer Hardware Design (AREA)
- Computing Systems (AREA)
- General Engineering & Computer Science (AREA)
- Information Transfer Between Computers (AREA)
Abstract
The application discloses a phishing mail detection and protection method and system, and relates to the technical field of information security management. The method comprises the following steps: interfacing with a mail server, monitoring mails, and filtering each mail passing through the mail server through a sandbox; after the mail has been filtered by the sandbox, extracting the text content of the mail, performing corpus analysis, and judging whether the mail is a phishing mail; if so, notifying the mail recipient and the mail administrator to make a further judgment; and recording, summarizing and classifying the characteristics of phishing mails, training the corpus analysis function on the summarized and classified wording, optimizing the judging method, and intercepting subsequent mails with similar wording. The application enables simpler and more efficient detection of social-engineering phishing and can significantly reduce personnel time cost.
Description
Technical Field
The application relates to the technical field of information security management, in particular to a phishing mail detection and protection method and system.
Background
With the continuous development of the internet, e-mail has become an indispensable part of people's work and life, and at the same time the security of e-mail is continually being tested. Phishing attacks against enterprises occur continually; they greatly affect the normal operation of enterprises and cause a certain amount of economic loss. As network security technology advances, mail phishing has become an attack method with lower cost and higher efficiency, and it is widely used in various APT attacks, attack-and-defense exercises and the like, so mail detection and protection methods need to be continuously improved and perfected.
However, the protection that existing mail protection software provides is relatively one-sided, and it cannot fully detect some specific phishing attachments, so a new detection and protection scheme is needed to solve the above problems.
Disclosure of Invention
In order to overcome or at least partially solve the above problems, the present application provides a phishing mail detection and protection method and system, which can detect social-engineering phishing more simply and more efficiently and can significantly reduce personnel time cost.
In order to solve the technical problems, the application adopts the following technical scheme:
In a first aspect, the present application provides a phishing mail detection and protection method, comprising the following steps:
interfacing with a mail server, monitoring mails, and filtering each mail passing through the mail server through a sandbox;
after the mail has been filtered by the sandbox, extracting the text content of the mail, performing corpus analysis, and judging whether the mail is a phishing mail; if so, notifying the mail recipient and the mail administrator to make a further judgment;
and recording, summarizing and classifying the characteristics of phishing mails, training the corpus analysis function on the summarized and classified wording, optimizing the judging method, and intercepting subsequent mails with similar wording.
The method performs all-round detection of phishing mainly through technologies such as sandboxes, corpus analysis and summarization of phishing rules. Once deployed by a user, it detects and protects against phishing mails, reduces the probability of falling victim to phishing mails, and improves working efficiency. The method can also continuously learn and optimize based on the content of phishing mails, gradually reducing labor cost.
Based on the first aspect, further, filtering each mail passing through the mail server through the sandbox comprises the following steps:
performing a preliminary scan of each mail passing through the mail server in sandbox layer one;
after the mail has been scanned, passing it to sandbox layer two for behavior detection, analyzing and detecting the attachment content of the mail, and intercepting mails with abnormal behavior.
Based on the first aspect, further, sandbox layer one interfaces with a virus scanning service, through which mail attachments are scanned.
Based on the first aspect, the phishing mail detection and protection method further comprises the following steps:
acquiring the wording of historical phishing mails, analyzing the characteristics, structure, sentences and vocabulary of that wording through machine learning, and performing analysis training to construct a corpus analysis model.
Based on the first aspect, further, performing corpus analysis and judging whether the mail is a phishing mail comprises the following steps:
analyzing the text content of the mail with the corpus analysis model to obtain an analysis result;
and judging whether the mail is a phishing mail according to the analysis result.
Based on the first aspect, the phishing mail detection and protection method further comprises the following steps:
counting the diffusion quantity of the same mail and judging whether the mail is a phishing mail according to that quantity and a preset diffusion threshold.
In a second aspect, the application provides a phishing mail detection and protection system, which comprises a mail filtering module, a corpus analysis judging module and a summarizing and classifying module, wherein:
the mail filtering module is used for interfacing with the mail server, monitoring mails and filtering each mail passing through the mail server through the sandbox;
the corpus analysis judging module is used for extracting the text content of the mail after the mail has been filtered by the sandbox, performing corpus analysis and judging whether the mail is a phishing mail, and if so, notifying the mail recipient and the mail administrator to make a further judgment;
and the summarizing and classifying module is used for recording, summarizing and classifying the characteristics of phishing mails, training the corpus analysis function on the summarized and classified wording, optimizing the judging method, and intercepting subsequent mails with similar wording.
Through the cooperation of the mail filtering module, the corpus analysis judging module, the summarizing and classifying module and other modules, and through technologies such as sandboxes, corpus analysis and summarization of phishing rules, the system can detect social-engineering phishing more simply and more efficiently and can significantly reduce personnel time cost.
In a third aspect, the present application provides an electronic device comprising a memory for storing one or more programs; a processor; the method of any of the first aspects described above is implemented when one or more programs are executed by a processor.
In a fourth aspect, the present application provides a computer readable storage medium having stored thereon a computer program which, when executed by a processor, implements a method as in any of the first aspects described above.
The application has at least the following advantages or beneficial effects:
The application provides a phishing mail detection and protection method and system, which perform all-round detection of phishing mainly through technologies such as sandboxes, corpus analysis and summarization of phishing rules. Once deployed by a user, phishing mails can be detected and protected against, so that the probability of falling victim to phishing mails is reduced and working efficiency is improved; the system can also continuously learn and optimize based on the content of phishing mails, so that labor cost is gradually reduced.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present application, the drawings that are needed in the embodiments will be briefly described below, it being understood that the following drawings only illustrate some embodiments of the present application and therefore should not be considered as limiting the scope, and other related drawings may be obtained according to these drawings without inventive effort for a person skilled in the art.
FIG. 1 is a flow chart of a method for detecting and protecting phishing mails according to an embodiment of the application;
FIG. 2 is a flowchart of mail filtering in a method for detecting and protecting phishing mails according to an embodiment of the application;
FIG. 3 is a detailed schematic diagram of a method for detecting and protecting phishing mails according to an embodiment of the application;
FIG. 4 is a schematic block diagram of a phishing mail detection and protection system according to an embodiment of the present application;
FIG. 5 is a block diagram of an electronic device according to an embodiment of the present application.
Reference numerals: 100, mail filtering module; 200, corpus analysis judging module; 300, summarizing and classifying module; 101, memory; 102, processor; 103, communication interface.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present application more apparent, the technical solutions of the embodiments of the present application will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present application, and it is apparent that the described embodiments are some embodiments of the present application, but not all embodiments of the present application. The components of the embodiments of the present application generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the application, as presented in the figures, is not intended to limit the scope of the application, as claimed, but is merely representative of selected embodiments of the application. All other embodiments, which can be made by those skilled in the art based on the embodiments of the application without making any inventive effort, are intended to be within the scope of the application.
It should be noted that: like reference numerals and letters denote like items in the following figures, and thus once an item is defined in one figure, no further definition or explanation thereof is necessary in the following figures.
It is noted that relational terms such as first and second, and the like are used solely to distinguish one entity or action from another entity or action without necessarily requiring or implying any actual such relationship or order between such entities or actions. Moreover, the terms "comprises," "comprising," or any other variation thereof, are intended to cover a non-exclusive inclusion, such that a process, method, article, or apparatus that comprises a list of elements does not include only those elements but may include other elements not expressly listed or inherent to such process, method, article, or apparatus. Without further limitation, an element defined by the phrase "comprising one … …" does not exclude the presence of other like elements in a process, method, article, or apparatus that comprises the element.
In the description of the embodiments of the present application, "plurality" means at least 2.
Examples:
As shown in FIGS. 1-3, in a first aspect, the present application provides a phishing mail detection and protection method, comprising the following steps:
S1, interfacing with a mail server, monitoring mails, and filtering each mail passing through the mail server through a sandbox;
Further, as shown in FIG. 2, this step includes:
S11, performing a preliminary scan of each mail passing through the mail server in sandbox layer one; sandbox layer one interfaces with a virus scanning service, through which mail attachments are scanned.
S12, after the mail has been scanned, passing it to sandbox layer two for behavior detection, analyzing and detecting the attachment content of the mail, and intercepting mails with abnormal behavior.
In some embodiments of the present application, the platform is deployed on the machine where the mail server is located and interfaces with the mail server. After passing through the mail server, each mail is filtered by the platform sandbox. Sandbox layer one scans for and removes most known remote-access trojans; after the layer-one scan, layer-two behavior detection analyzes the behavior of the file. Two rounds of scanning are performed so that attachments an attacker has processed to evade antivirus detection are still caught. When behavior detection finds suspicious behavior, the mail is intercepted, the attachment is extracted, and the person responsible for security is notified; a specialist subsequently analyzes the attachment. Layer one of the sandbox function interfaces with a virus scanning service and scans mail attachments through it. This service connects to multiple antivirus engines, covering 60+ antivirus products. Layer two of the sandbox function consists of its own virtual system with behavior capture. Once an attachment passes layer-one detection, it enters layer-two behavior detection, which analyzes the behavior of the attachment's running process, including suspicious outbound connections, suspicious internal calls, high-privilege operations and the like. When any preset suspicious behavior occurs, the mail is intercepted, the security administrator is notified to analyze the attachment, and the mail logs are stored to facilitate subsequent tracing.
S2, after the mail has been filtered by the sandbox, extracting the text content of the mail, performing corpus analysis, and judging whether the mail is a phishing mail; if so, notifying the mail recipient and the mail administrator to make a further judgment;
Further, before corpus analysis the method comprises: acquiring the wording of historical phishing mails, analyzing the characteristics, structure, sentences and vocabulary of that wording through machine learning, and performing analysis training to construct a corpus analysis model.
Further, the method comprises: analyzing the text content of the mail with the corpus analysis model to obtain an analysis result; and judging whether the mail is a phishing mail according to the analysis result.
Further, the method comprises: counting the diffusion quantity of the same mail and judging whether the mail is a phishing mail according to that quantity and a preset diffusion threshold.
In some embodiments of the application, the social-engineering wording and inducement language used in phishing mails are analyzed through machine learning, and an artificial intelligence that can automatically recognize the language of phishing mails is trained; the trained model makes a preliminary judgment of mail content. After a mail passes through the sandbox, its text content is extracted; where an attachment is in a format that can be parsed, its text content is extracted as well, and the extracted content is passed to the corpus analysis library for analysis. The corpus analysis relies mainly on deep learning of social-engineering phishing wording to learn how to recognize it. It makes a preliminary judgment of whether the mail is a phishing mail, and this judgment is combined with the coverage (diffusion quantity) of the same mail; if the mail is preliminarily judged to be a phishing mail, the mail recipient and the mail administrator are notified to make a further judgment.
S3, recording, summarizing and classifying the characteristics of phishing mails, training the corpus analysis function on the summarized and classified wording, optimizing the judging method, and intercepting subsequent mails with similar wording.
In some embodiments of the application, the characteristics of previously discovered phishing mails are saved and classified, and the judging method is continuously optimized. The details of mails previously judged to be phishing mails are retained; if a similar operation is discovered, the mail is intercepted directly, and labor cost is continuously reduced through continuous optimization.
The method performs all-round detection of phishing mainly through technologies such as sandboxes, corpus analysis and summarization of phishing rules. Once deployed by a user, it detects and protects against phishing mails, reduces the probability of falling victim to phishing mails, and improves working efficiency. The method can also continuously learn and optimize based on the content of phishing mails, gradually reducing labor cost.
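Steps S1 to S3 above can be read as one decision pipeline. The following Python sketch is an added example, not code from the patent: the naive Bayes scorer, the Jaccard similarity test, the thresholds, the behaviour labels and the rule that a borderline score plus diffusion triggers notification are all assumptions, and the scanner and sandbox results are passed in as constructed inputs.

```python
import hashlib
import math
import re
from collections import Counter
from email import message_from_string

# Constructed training wording; a deployment would use its own labelled history.
PHISH = ["urgent verify your account password now or it will be suspended",
         "your mailbox quota is full click the link to confirm your password",
         "hr notice open the attached salary adjustment form and enter your login"]
BENIGN = ["minutes from the project meeting are attached for review",
          "lunch on friday to celebrate the release let me know if you can join",
          "the quarterly report draft is ready please send comments by monday"]
# Hypothetical labels for the layer-two behaviour categories named in the text.
SUSPICIOUS = {"suspicious_outbound_connection", "suspicious_internal_call",
              "high_privilege_operation"}

def make_mail(to, subject, body):
    return f"From: sender@example.com\nTo: {to}\nSubject: {subject}\n\n{body}\n"

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

def extract_text(raw):
    """Return the subject plus every text/plain part of the message."""
    msg = message_from_string(raw)
    parts = [msg.get("Subject", "")]
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            data = part.get_payload(decode=True) or b""
            parts.append(data.decode(part.get_content_charset() or "utf-8", "replace"))
    return " ".join(parts)

class CorpusModel:
    """Multinomial naive Bayes over word counts with add-one smoothing."""
    def __init__(self):
        self.counts = {"phish": Counter(), "benign": Counter()}
        for label, docs in (("phish", PHISH), ("benign", BENIGN)):
            for doc in docs:
                self.learn(doc, label)

    def learn(self, text, label):
        self.counts[label].update(tokens(text))

    def log_odds(self, text):
        """Positive means the wording looks more like the phishing corpus."""
        ph, be = self.counts["phish"], self.counts["benign"]
        vocab = len(set(ph) | set(be))
        n_ph, n_be = sum(ph.values()) + vocab, sum(be.values()) + vocab
        return sum(math.log(((ph[w] + 1) / n_ph) / ((be[w] + 1) / n_be))
                   for w in tokens(text))

class Pipeline:
    def __init__(self, diffusion_threshold=3, low=0.0, high=3.0, similar=0.6):
        self.model = CorpusModel()
        self.seen = Counter()   # text fingerprint -> copies observed (diffusion)
        self.known = []         # word sets of confirmed phishing mails (S3)
        self.diffusion_threshold, self.low = diffusion_threshold, low
        self.high, self.similar = high, similar

    def process(self, raw, engine_hits=0, behaviours=()):
        if engine_hits > 0:                   # S11: multi-engine scan flagged it
            return "intercept:layer1"
        if SUSPICIOUS & set(behaviours):      # S12: preset suspicious behaviour
            return "intercept:layer2"
        text = extract_text(raw)
        words = set(tokens(text))
        for known in self.known:              # S3: wording seen and confirmed before
            union = words | known
            if union and len(words & known) / len(union) >= self.similar:
                return "intercept:known-script"
        fp = hashlib.sha256(" ".join(tokens(text)).encode()).hexdigest()
        self.seen[fp] += 1                    # S2: count copies of the same mail
        score = self.model.log_odds(text)
        if score >= self.high:
            return "notify:corpus"            # recipient and administrator decide
        if score >= self.low and self.seen[fp] >= self.diffusion_threshold:
            return "notify:diffusion"
        return "deliver"

    def confirm_phishing(self, raw):
        """Record a confirmed phishing mail and let the model learn from it."""
        text = extract_text(raw)
        self.known.append(set(tokens(text)))
        self.model.learn(text, "phish")

def demo():
    """Run constructed mails through the pipeline and return the verdicts."""
    p = Pipeline()
    phish = make_mail("a@example.com", "Urgent: verify your password",
                      "Your account will be suspended. "
                      "Click the link to confirm your password now.")
    benign = make_mail("a@example.com", "Meeting minutes",
                       "The minutes from the project meeting are attached for review.")
    out = [p.process(benign), p.process(phish), p.process(benign, engine_hits=2),
           p.process(benign, behaviours=["high_privilege_operation"])]
    for rcpt in ("a", "b", "c"):  # same borderline mail reaching three recipients
        out.append(p.process(make_mail(f"{rcpt}@example.com", "Form",
                                       "Please open the attached form.")))
    p.confirm_phishing(phish)     # administrator confirms the earlier notification
    out.append(p.process(phish.replace("suspended.", "suspended today.")))
    return out

if __name__ == "__main__":
    print(demo())
```

The borderline "Form" mail is delivered twice and raises a notification only on its third copy, while the reworded copy of the confirmed phishing mail is intercepted without reaching the corpus model.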
As shown in FIG. 4, in a second aspect, the present application provides a phishing mail detection and protection system, which includes a mail filtering module 100, a corpus analysis judging module 200, and a summarizing and classifying module 300, wherein:
the mail filtering module 100 is configured to interface with a mail server, monitor mails, and filter each mail passing through the mail server through a sandbox;
the corpus analysis judging module 200 is used for extracting the text content of the mail after the mail has been filtered by the sandbox, performing corpus analysis and judging whether the mail is a phishing mail, and if so, notifying the mail recipient and the mail administrator to make a further judgment;
the summarizing and classifying module 300 is used for recording, summarizing and classifying the characteristics of phishing mails, training the corpus analysis function on the summarized and classified wording, optimizing the judging method, and intercepting subsequent mails with similar wording.
Through the cooperation of the mail filtering module 100, the corpus analysis judging module 200, the summarizing and classifying module 300 and other modules, and through technologies such as sandboxes, corpus analysis and summarization of phishing rules, the system can detect social-engineering phishing more simply and more efficiently and can significantly reduce personnel time cost.
As shown in FIG. 5, in a third aspect, an embodiment of the present application provides an electronic device, which includes a memory 101 for storing one or more programs, and a processor 102. The method of any of the first aspects described above is implemented when the one or more programs are executed by the processor 102.
The electronic device further includes a communication interface 103. The memory 101, the processor 102 and the communication interface 103 are electrically connected to each other, directly or indirectly, to realize data transmission or interaction. For example, the components may be electrically connected to each other via one or more communication buses or signal lines. The memory 101 may be used to store software programs and modules, which the processor 102 executes to perform various functional applications and data processing. The communication interface 103 may be used for communication of signaling or data with other node devices.
The Memory 101 may be, but is not limited to, a random access Memory (Random Access Memory, RAM), a Read Only Memory (ROM), a programmable Read Only Memory (Programmable Read-Only Memory, PROM), an erasable Read Only Memory (Erasable Programmable Read-Only Memory, EPROM), an electrically erasable Read Only Memory (Electric Erasable Programmable Read-Only Memory, EEPROM), etc.
The processor 102 may be an integrated circuit chip with signal processing capabilities. The processor 102 may be a general purpose processor including a central processing unit (Central Processing Unit, CPU), a network processor (Network Processor, NP), etc.; but also digital signal processors (Digital Signal Processing, DSP), application specific integrated circuits (Application Specific Integrated Circuit, ASIC), field programmable gate arrays (Field-Programmable Gate Array, FPGA) or other programmable logic devices, discrete gate or transistor logic devices, discrete hardware components.
In the embodiments provided in the present application, it should be understood that the disclosed method and system may be implemented in other manners. The above-described method and system embodiments are merely illustrative, for example, flow charts and block diagrams in the figures illustrate the architecture, functionality, and operation of possible implementations of methods and systems, methods and computer program products according to various embodiments of the present application. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that in some alternative implementations, the functions noted in the block may occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, can be implemented by special purpose hardware-based systems which perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
In addition, functional modules in the embodiments of the present application may be integrated together to form a single part, or each module may exist alone, or two or more modules may be integrated to form a single part.
In a fourth aspect, embodiments of the present application provide a computer readable storage medium having stored thereon a computer program which, when executed by the processor 102, implements a method as in any of the first aspects described above. The functions, if implemented in the form of software functional modules and sold or used as a stand-alone product, may be stored in a computer-readable storage medium. Based on this understanding, the technical solution of the present application, in essence, or the part of it that contributes to the prior art, or a part of the technical solution, may be embodied in the form of a software product stored in a storage medium, comprising several instructions for causing a computer device (which may be a personal computer, a server, a network device, etc.) to perform all or part of the steps of the method according to the embodiments of the present application. The aforementioned storage medium includes: a USB flash drive, a removable hard disk, a read-only memory (Read-Only Memory, ROM), a random access memory (Random Access Memory, RAM), a magnetic disk, an optical disk, or other various media capable of storing program code.
The above is only a preferred embodiment of the present application, and is not intended to limit the present application, but various modifications and variations can be made to the present application by those skilled in the art. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present application should be included in the protection scope of the present application.
It will be evident to those skilled in the art that the application is not limited to the details of the foregoing illustrative embodiments, and that the present application may be embodied in other specific forms without departing from the spirit or essential characteristics thereof. The present embodiments are, therefore, to be considered in all respects as illustrative and not restrictive, the scope of the application being indicated by the appended claims rather than by the foregoing description, and all changes which come within the meaning and range of equivalency of the claims are therefore intended to be embraced therein. Any reference sign in a claim should not be construed as limiting the claim concerned.
Claims (9)
1. The phishing mail detection and protection method is characterized by comprising the following steps of:
interfacing with a mail server, monitoring mails, and filtering each mail passing through the mail server through a sandbox;
after the mail is filtered through a sandbox, extracting text content of the mail, carrying out corpus analysis, judging whether the mail is a phishing mail, if so, notifying a mail receiver and a mail manager to carry out further judgment;
and recording and summarizing and classifying the characteristics of the phishing mails, performing corpus analysis function learning according to the summarized and classified dialects, optimizing a judging mode, and intercepting the mails of the subsequent similar dialects.
2. The method for detecting and protecting phishing mails according to claim 1, wherein said method for filtering each mail passing through the mail server by sandbox comprises the steps of:
carrying out primary searching and killing on each mail passing through the mail server through a sandbox layer;
after the mail is checked out, the mail enters a sandbox two-layer, behavior detection is carried out, analysis and detection are carried out on the attached content of the mail, and the mail with abnormal behavior is intercepted.
3. A method of phishing mail detection and protection as claimed in claim 2 wherein said sandboxes are identified by a layer-by-layer butt-joint virus by which mail attachments are checked and killed.
4. The method for detecting and protecting phishing mails according to claim 1, further comprising the steps of:
and acquiring a speaking theory of the historical phishing mail, analyzing the contents of the aspects of the characteristics, the structure, the sentences and the vocabulary of the speaking theory through machine learning, and performing analysis training to construct a corpus analysis model.
5. The method for detecting and protecting phishing mails according to claim 4, wherein said method for performing corpus analysis to determine whether a phishing mail is a phishing mail comprises the steps of:
analyzing the text content of the mail by a corpus analysis model to obtain an analysis result;
and judging whether the mail is the phishing mail according to the analysis result.
6. The phishing mail detection and protection method according to claim 1, further comprising the steps of:
judging, by counting, whether the mail is a phishing mail according to the diffusion quantity of the same mail and a preset diffusion threshold value.
7. A phishing mail detection and protection system, characterized by comprising a mail filtering module, a corpus analysis judging module and a summarizing and classifying module, wherein:
the mail filtering module is used for interfacing with the mail server, monitoring the mails and filtering each mail passing through the mail server through the sandbox;
the corpus analysis judging module is used for extracting the text content of the mail after the mail is filtered by the sandbox, performing corpus analysis and judging whether the mail is a phishing mail and, if so, notifying a mail receiver and a mail manager for further judgment;
and the summarizing and classifying module is used for recording, summarizing and classifying the characteristics of the phishing mails, performing corpus-analysis function learning according to the summarized and classified wording, optimizing the judging mode, and intercepting subsequent mails that use similar wording.
8. An electronic device, comprising:
a memory for storing one or more programs;
a processor;
wherein the method of any of claims 1-6 is implemented when the one or more programs are executed by the processor.
9. A computer-readable storage medium on which a computer program is stored, wherein the computer program, when executed by a processor, implements the method according to any of claims 1-6.
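The post-sandbox steps of claims 1 and 4 to 6 (corpus analysis of the mail wording, the diffusion threshold, and learning from confirmed phishing mails) can be sketched as follows. This is an added example, not code from the patent: the naive Bayes model, the class and function names, the "at or above" threshold comparison and the sample mails are all assumptions made for illustration.

```python
import math
import re
from collections import Counter, defaultdict

def tokens(text):
    return re.findall(r"[a-z']+", text.lower())

class CorpusModel:  # naive Bayes stand-in for the corpus analysis model
    def __init__(self, samples):
        self.words, self.docs = {"phish": Counter(), "ham": Counter()}, Counter()
        for text, label in samples:
            self.learn(text, label)

    def learn(self, text, label):
        self.words[label].update(tokens(text))
        self.docs[label] += 1

    def score(self, text):
        """Log-odds of phishing with add-one smoothing; above 0 leans phishing."""
        vocab = len(set(self.words["phish"]) | set(self.words["ham"]))
        total = {k: sum(c.values()) + vocab for k, c in self.words.items()}
        odds = math.log(self.docs["phish"] / self.docs["ham"])
        for w in tokens(text):
            odds += math.log((self.words["phish"][w] + 1) / total["phish"])
            odds -= math.log((self.words["ham"][w] + 1) / total["ham"])
        return odds

class Detector:
    def __init__(self, model, diffusion_threshold):
        self.model, self.threshold = model, diffusion_threshold
        self.recipients = defaultdict(set)  # normalized body -> distinct recipients

    def check(self, recipient, body):
        """Reasons to escalate one sandbox-filtered mail; an empty list means deliver."""
        key = " ".join(tokens(body))
        self.recipients[key].add(recipient)
        reasons = ["wording"] if self.model.score(body) > 0 else []
        if len(self.recipients[key]) >= self.threshold:  # assumption: at or above
            reasons.append("diffusion")
        return reasons

    def confirm(self, body):  # feedback: learn only human-confirmed phishing
        self.model.learn(body, "phish")

HISTORY = [  # constructed samples, for illustration only
    ("your account is suspended verify your password immediately", "phish"),
    ("urgent verify your account password now or it will be locked", "phish"),
    ("meeting notes attached for the project review tomorrow", "ham"),
    ("lunch on friday please confirm the project schedule", "ham"),
]
```

Feeding the model only from `confirm` keeps a legitimate mass mailing that merely crossed the diffusion threshold from being learned as phishing wording before the receiver or mail manager has judged it.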
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310613398.5A CN116614466A (en) | 2023-05-27 | 2023-05-27 | Phishing mail detection and protection method and system |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310613398.5A CN116614466A (en) | 2023-05-27 | 2023-05-27 | Phishing mail detection and protection method and system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116614466A (en) | 2023-08-18 |
Family
ID=87681538
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202310613398.5A Pending CN116614466A (en) | 2023-05-27 | 2023-05-27 | Phishing mail detection and protection method and system |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN116614466A (en) |
- 2023-05-27 CN CN202310613398.5A patent/CN116614466A/en active Pending
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination |